|
223261
|
7.5 |
HIGH
Network
|
bloq
|
univalue
|
UniValue::read() in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-18936
|
2024-11-21 13:33 |
2020-03-21 |
|
223262
|
6.1 |
MEDIUM
Network
|
squid-cache debian canonical opensuse
|
squid debian_linux ubuntu_linux leap
|
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
|
CWE-74
Injection
|
CVE-2019-18860
|
2024-11-21 13:33 |
2020-03-21 |
|
223263
|
9.8 |
CRITICAL
Network
|
sparkdevnetwork
|
rock_rms
|
Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller.
|
NVD-CWE-noinfo
|
CVE-2019-18641
|
2024-11-21 13:33 |
2020-03-21 |
|
223264
|
7.5 |
HIGH
Network
|
suitecrm
|
suitecrm
|
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-18785
|
2024-11-21 13:33 |
2020-03-20 |
|
223265
|
5.3 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.
|
NVD-CWE-Other
|
CVE-2019-18782
|
2024-11-21 13:33 |
2020-03-20 |
|
223266
|
7.8 |
HIGH
Local
|
claranova
|
adaware_antivirus
|
Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into …
|
NVD-CWE-noinfo
|
CVE-2019-18979
|
2024-11-21 13:33 |
2020-03-19 |
|
223267
|
7.2 |
HIGH
Network
|
dell
|
emc_data_protection_advisor emc_integrated_data_protection_appliance_firmware
|
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A…
|
CWE-94
Code Injection
|
CVE-2019-18582
|
2024-11-21 13:33 |
2020-03-19 |
|
223268
|
7.2 |
HIGH
Network
|
dell
|
emc_data_protection_advisor emc_integrated_data_protection_appliance_firmware
|
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A r…
|
CWE-862
Missing Authorization
|
CVE-2019-18581
|
2024-11-21 13:33 |
2020-03-19 |
|
223269
|
6.5 |
MEDIUM
Network
|
hp
|
envy_5000_m2u85a_firmware envy_5000_m2u85b_firmware envy_5000_m2u91a_firmware envy_5000_m2u94b_firmware envy_5000_z4a54a_firmware envy_5000_z4a74a_firmware deskjet_ink_advantage_500…
|
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2019-18917
|
2024-11-21 13:33 |
2020-03-17 |
|
223270
|
9.0 |
CRITICAL
Network
|
dell
|
xtremio_management_server
|
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious H…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18578
|
2024-11-21 13:33 |
2020-03-14 |
|